swordRecovery server control by using the following code segment.You need to ensure that the server control generates a new password and sends it by e-mail to the users e?mail address. Which two actions should you perform?（）

A. Create a validdefinition in the Web.config file.

B. Set the passwordFormat attribute of the configured membership provider to Encrypted.

C. Ensure that the enablePasswordRetrieval attribute of the configured membership provider is set to False.

D. Ensure that the enablePasswordRetrieval attribute of the configured membership provider is set to True.

A.A

B.B

C.C

D.D

theDNSserverrole.Youalsohaveaservernamedservercorethatrunsaservercoreinstallationofwindowsserver2008.Allcomputersareconfiguredtouseonlyserver1forDNSresolution.Theipaddressofserver1is192.168.0.1.thenetworkinterfaceonallthecomputersisnamedLAN.Server1istemporarilyoffice.AnewDNSservernamedserver2hasbeenconfiguretousetheipaddress192.168.0.254.youneedtoconfigureservecoretouseserver2asthepreferredDNSserver.Whatshouldyoudo？（）

A.Run the netsh interfac eipv4 add dnsserve r“LAN”static 192.168.0.254index=1command.

B.Run the netsh interfac eipv4 set dnsserver“LAN”static 192.168.0.254192.168.0.1bothcommand.

C.Run the nets hinterfac eipv4 set dnsserver“LAN”static 192.168.0.254primary command and the netsh interface ipv4 set dnsserver “LAN” static 192.168.0.1both command.

D.Run the netsh interface ipv4 set dnssserver“LAN”static 192.168.0.254 primary command and the netsh interface ipv4 add dnssserver “LAN” static 192.168.0.1index=1command.

that runs Windows Server 2008 R2. The server has the Routing and Remote Access Services role service installed.You implement Network Access Protection (NAP) for the domain.You need to configure the Point-to-Point Protocol (PPP) authentication method on Server1.Which authentication method should you use？（）

A. Challenge Handshake Authentication Protocol (CHAP)

B. Extensible Authentication Protocol (EAP)

C. Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

D. Password Authentication Protocol (PAP)

k Policy and Access Services server role installed.You need to allow only members of a global group named Group1 VPN access to the network.What should you do？（）

A. Add Group1 to the RAS and IAS Servers group.

B. Add Group1 to the Network Configuration Operators group.

C. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 1.

D. Create a new network policy and define a group-based condition for Group1. Set the access permission of the policy to Access granted. Set the processing order of the policy to 3.

A. <authorization> <allow users="?"/> </authorization>

B. <authorization> <deny users="?"/> </authorization>

C. <authorization> <deny users="*"/></authorization>

D. <authorization> <allow users="*"/> </authorization>

A. Create a Group Policy object (GPO) that enables Security Center and link the policy to the domain.

B. Create a Group Policy object (GPO) that enables Security Center and link the policy to the Domain Controllers organizational unit (OU).

C. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the domain.

D. Create a Group Policy object (GPO) and set the Require trusted path for credential entry option to Enabled. Link the policy to the Domain Controllers organizational unit (OU).

contoso.comandadatum.com.ThefunctionallevelofbothforestsisWindowsServer2008R2.Eachforestcontainsonedomain.ActiveDirectoryCertificateServices(ADCS)isconfiguredinthecontoso.comforesttoallowsersfrom

Thesafer,easierwaytohelpyoupassanyITexams.3/90

bothforeststoautomaticallyenrollusercertificates.

Youneedtoensurethatallusersintheadatum.comforesthaveausercertificatefromthecontoso.com

certificationauthority(CA).

Whatshouldyouconfigureintheadatum.comdomain（）

rrole.Server1hasonenetworkinterfacenamedLocalAreaConnection.ThestaticIPaddressofthenetworkinterfaceisconfiguredas10.0.0.1.YouneedtocreateaDNSzonenamedlocal.contoso.comonserver1.Whichcommandshouldyouuse？（）

A.ipconfig/registerdns：local.contoso.com

B.dnscmdServer1/ZoneAddlocal.contoso.com/DSPrimary

C.dnscmdServer1/ZoneAddlocal.contoso.com/Primary/filelocal.contoso.com.dns

D.netshinterfaceipv4setdnsservername=local.contoso.comstatic10.0.0.1primary

followingActiveDirectoryCertificateServices(ADCS)

roleservicesinstalled:

(Enterpriserootcertificationauthority(CA)

.CertificateEnrollmentWebService

.CertificateEnrollmentPolicyWebService

Youcreateanewcertificatetemplate.

Externalusersreportthatthenewtemplateisunavailablewhentheyrequestanewcertificate.Youverifythatallothertemplatesareavailabletotheexternalusers.

Youneedtoensurethattheexternaluserscanrequestcertificatesbyusingthenewtemplate.WhatshouldyoudoonServer1（）